Invalid Password
You entered in a bad password, don't do that too much or you'll be rate limited.
Account Settings Updated Successfully
Your account settings have been updated and take effect immediately.
Account Update Failed

Password Reset Performed Successfully
If you have an account with us then we've sent a password reset message to that email address.
Team Updated Successfully
Your team settings have been updated and take effect immediately.
Team Update Failed

Team Retrieval Error
Unable to retrieve your teams.

Log In





*

= Required

Reset Password


XSS Payload Fires
Injection Time (UTC) Options
HTML Injection Payload Fires
Injection Time (UTC) Options

- The basic XSS payload.

- For use where a URL is taken as input.

- This bypasses a poorly designed blacklist system with the HTML5 autofocus attribute.

- Another basic payload for when <script> tags are explicitly filtered.

- HTML5 payload that only works in Firefox, Chrome, and Opera.

- HTML5 payload that only works in Firefox, Chrome, and Opera.

- Used for the exploitation of web applications with Content Security Policies containing script-src but have unsafe-inline enabled.

- An example payload for sites that include JQuery.

- HTML injection using onmouseover and exfil of base64(document.cookie + '||' + document.URL).
Teams
Name Options